2024-10-14: Cybersecurity Awareness Month: Advanced AI Phishing Attacks (O Behalf of Jackson Muhirwe, CISSP, Ph.D, Chief Information Security Officer)

*********PLEASE GIVE WIDEST DISTRIBUTION**********

October 14, 2024

TO:      UC Santa Barbara Campus Community

FR:       Jackson Muhirwe, CISSP, Ph.D, Chief Information Security Officer

RE:       Cybersecurity Awareness Month: Advanced AI Phishing Attacks

 

UCSB is participating in UC Cybersecurity Awareness Month (UCCAM) during the month of October. The goal of UCCAM is to increase systemwide awareness about cybersecurity and to educate our campus community on ways to better protect yourselves and your devices from cyber-attacks. This week we will focus on understanding advanced phishing attacks.

 

The Evolving Threat of AI-Enhanced Phishing

Artificial Intelligence (AI) is revolutionizing phishing attacks by amplifying their speed, scale, and sophistication. Cybercriminals are increasingly leveraging both publicly available and custom AI tools to execute highly targeted phishing attacks. These AI-driven attacks are notable for their ability to craft highly convincing and personalized messages, making them more difficult to detect than previous phishing attacks.

 

How AI Powers Phishing Attacks

  1. Enhanced Personalization: AI tools can analyze vast amounts of data to create personalized phishing messages. By scanning social media and other online sources, these tools can generate emails or texts that appear to come from trusted individuals or organizations, such as colleagues or reputable companies. This level of personalization increases the likelihood of deceiving recipients.

  2. Increased Automation: AI facilitates the automation of phishing attacks, enabling cybercriminals to launch large-scale campaigns with minimal manual effort. Machine learning models can quickly analyze and exploit vulnerabilities, enhancing the speed and effectiveness of these attacks.

  3. Refined Execution: AI tools can produce phishing content with impeccable grammar and spelling, further mimicking legitimate communications. This precision reduces the chance that someone with traditional security awareness training can detect a phishing attempt.

 

Best Practices for Protection

  1. Verify sources: Use chatbots only on trusted websites that you have navigated to yourself. Avoid interacting with chatbots linked through suspicious emails or texts. Always check the “from” address in emails before clicking on any links. For example, if an email claims to be from Walmart, the domain should match Walmart’s official web address.

  2. Employ advanced security tools: Utilize security solutions that leverage AI to detect and block phishing attempts. Modern tools can analyze email content, URLs, and attachments for signs of malicious activity.

  3. Be cautious with unsolicited requests: Always verify the identity of anyone requesting sensitive information, especially if the request comes through unexpected channels. Contact the requester through a known and trusted method if in doubt.

  4. Limit what you share online: Be cautious about the personal information you share on social media or other online profiles. Information such as your full name, birthdate, address, or job title can be used by attackers to craft convincing phishing attempts. Avoid oversharing and adjust privacy settings to control who can view your information.

 

As AI technology improves, phishing attacks will become even more sophisticated. To protect yourself, stay informed and follow strong security practices. By understanding how AI is used in phishing and taking preventive steps, you can better defend against these advanced cyber threats.

 

Don’t forget to check out UCSB’s lineup of CSAM events this month! Students, staff, faculty, family, and friends are all encouraged to join and learn. The UC Cyber Champions group also has a full list of systemwide events occurring throughout October. We appreciate your engagement and hope you stay cyber safe!